Search form

In May 2018, Vistra acquired Radius, making it the number one international expansion services provider in the US. Vistra International Expansion now has more than 1,300 experts working in more than 40 jurisdictions to help you explore new markets and reduce the risk and complexity of global operations. Visit our new website.

United States: California Updates Privacy Act

Share

Updates have been to the California Privacy Act and will become effective January 1, 2020. Under the Act, the personal information of those within the California area is protected. Residents:

are entitled to know why and how their information is being collected;

have the right to request certain additional information;

have the right to know if and where the information is being sold or disclosed (and the right to object to this); and

have the right to have their information deleted.

Employers should consider if the Act applies to them, and if so determine what information they collect and why they collect it. Processes for data requests from California residents should be implemented and privacy policies should be updated.

All types

The General Data Protection Regulation (GDPR), expected to pass in the European Parliament within the week and take effect in 2017, will enforce opt-in requirements for data collection and a “right to be forgotten” that gives consumers total transparency and control over how their personal data is used.

In order to create a unified data protection code across the European Union, the Data Protection Reform agreed upon yesterday will take the form of an EU Regulation, called in this case the General Data Protection Regulation (GDPR). In contrast to the soon-to-be superseded Directive 95/46/EC, the GDPR will be directly applicable across all EU member states, each of which must apply the same rules. Let’s take a look at what this all means for businesses operating in the EU.

Two years ago, Australia was poised to introduce a requirement for data controllers to alert the local regulator of a personal data breach, but it didn’t make it into law. Australia has recently announced that mandatory data breach notification is again on the agenda.